Most hacks have an end goal of financial gain, causing disruption or stealing data, but an incident at a Florida city had a more sinister aim: poisoning the water supply. Local and federal law enforcement are now investigating the failed hack, which saw the perpetrator or perpetrators gain remote access to the local water treatment plant.
According to Reuters, someone gained remote access to TeamViewer on an employee’s computer at the facility in Oldsmar, Florida, located about 25 minutes north of Tampa, on Friday. The worker saw a popup window informing them of the intrusion before the mouse pointer started moving around the screen and opening systems.
The hackers accessed software used to control the amount of sodium hydroxide, also known as lye, that’s added to the city’s water. The chemical is used to manage the acidity of the water, and anything other than trace amounts can be extremely corrosive and damaging to human tissue—it’s commonly found in drain and oven cleaners.
The person or persons behind the attack briefly increased the sodium hydroxide concentration from 100 parts per million to 11,100 parts per million.
The Tampa Bay Times reports that a supervisor who was working remotely at the time saw the change and reversed it. The city’s Mayor, Eric Seidel, assured residents that the plant has several safeguards that would have prevented a dangerous amount of lye from being added to the water. Officials say that even if the hacker had been successful, it would have taken more than a day before the water entered the city’s supply.
The Pinellas County Sheriff’s Office, the FBI, and the Secret Service are investigating the incident. It’s unclear who was behind the attack and where it originated.